Which technique can an intruder use to try to evade detection by a Snort sensor?
A) exceed the maximum number of fragments that a sensor can evaluate
B) split the malicious payload over several fragments to mask the attack signature
C) disable a sensor by exceeding the number of packets that it can fragment before forwarding
D) send more packet fragments than the destination host can reassemble, to disable the host without regard to any intrusion-detection devices that might be on the network
Correct Answer:
Verified
Q96: Which interface type allows for bypass mode?
A)
Q97: What does protocol normalization do?
A) compares evaluated
Q98: Which interface type allows for VLAN tagging?
A)
Q99: Which area is created between screening devices
Q100: Which option is a valid whitelist evaluation
Q102: Which action should you perform to enable
Q103: When Snort receives packets, in which order
Q104: Which statement about the detection engine configuration
Q105: Which output is in a lightweight, binary
Q106: Other than intrusion sensing, which other function
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents